VMware authd Service Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1021512 |
|
SecurityTracker URL: http://securitytracker.com/id/1021512
|
|
CVE Reference:
CVE-2009-0177
(Links to External Site)
|
Updated: Apr 6 2009
|
Original Entry Date: Jan 4 2009
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
|
Version(s): 2.5.1 build-126130 and prior versions; other versions are also affected
|
Description:
A vulnerability was reported in VMware. A remote user can cause denial of service conditions.
A remote user can send a specially crafted username or password to the authd service to cause the target service to crash.
VMware Player and VMware workstation are affected.
Laurent Gaffie reported this vulnerability.
The original advisory is available at:
http://milw0rm.com/exploits/7647
|
Impact:
A remote user can cause denial of service conditions.
|
Solution:
The vendor has issued a fix.
VMware Workstation (Windows): 6.5.2 build 156735 or later
VMware Player (Windows): 2.5.2 build 156735 or later
ACE (Windows): 2.5.2 build 156735 or later
Server (Windows): 2.0.1 build 156745 or later
Fusion (Mac OS/X): 2.0.2 build 147997 or later
The vendor's advisory is available at:
http://www.vmware.com/security/advisories/VMSA-2009-0005.html
|
Vendor URL: www.vmware.com/security/advisories/VMSA-2009-0005.html (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
UNIX (OS X), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Sat, 3 Jan 2009 20:10:09 -0500
Subject: VMware Player
|
http://milw0rm.com/exploits/7647
|
|
